As you well know that someone could be secretly watching you or your child with your webcam right now? Is it worth taking such a risk? camDown FREE can help stop them!
MICROSOFT has warned thousands of its cloud computing customers of a security flaw after a data breach leaked the personal records of 38million people.
The tech giant has told customers - which include some of the world's largest companies - that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher.
The vulnerability is in Microsoft Azure's flagship Cosmos DB database.
A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies.
Companies including Coca-Cola and Exxon-Mobil use Cosmos DB "to manage massive volumes of data around the world in real time", according to Wiz.
Because Microsoft cannot change those keys by itself, and emailed the customers Thursday telling them to create new ones.
Microsoft agreed to pay Wiz $40,000 for finding the flaw and reporting it, according to an email it sent to Wiz - whose chief technology officer Ami Luttwak is a former chief technology officer at Microsoft's Cloud Security Group.
"We fixed this issue immediately to keep our customers safe and protected," Microsoft told Reuters.
"We thank the security researchers for working under coordinated vulnerability disclosure."
Microsoft's email to customers said there was no evidence the flaw had been exploited.
"This is the worst cloud vulnerability you can imagine. It is a long-lasting secret," Luttwak told Reuters.
"This is the central database of Azure, and we were able to get access to any customer database that we wanted."
Luttwak's team found the problem, dubbed ChaosDB, on August 9 and notified Microsoft August 12, he said.
The flaw was in a visualization tool called Jupyter Notebook, which has been available for years but was enabled by default in Cosmos beginning in February. After Reuters reported on the flaw, Wiz detailed the issue in a blog post.
Luttwak said even customers who have not been notified by Microsoft could have had their keys swiped by attackers, giving them access until those keys are changed. Microsoft only told customers whose keys were visible this month, when Wiz was working on the issue.
Microsoft told Reuters that "customers who may have been impacted received a notification from us," without elaborating.
It comes after a massive Microsoft data breach exposed 38million records -including Social Security numbers and vaccination data.
American Airlines, Ford, J.B. Hunt, the Maryland Department of Health, the New York City Municipal Transportation Authority, and New York City public schools were among the companies and organizations affected by the mistake.
The data mistakenly shared online included information from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases, according to Wired.
Sensitive information revealed included people’s phone numbers, home addresses, social security numbers, and Covid-19 vaccination status.
Microsoft reveals Windows 11 with Android apps and Xbox Game Pass access
I’d like to add that camDown FREE is the maximum in security for you and your loved ones and your mother would agree.